David Benjamin discovered that OpenSSL incorrectly handled comparing certificates containing a EDIPartyName name type. A remote attacker could possibly use this issue to cause OpenSSL to crash, resulting in a denial of service. (CVE-2020-1971)
Tavis Ormandy discovered that OpenSSL incorrectly handled parsing issuer fields. A remote attacker could possibly use this issue to cause OpenSSL to crash, resulting in a denial of service. (CVE-2021-23841)
{ "availability": "No subscription required", "binaries": [ { "libssl-dev": "1.0.1f-1ubuntu2.27+esm2", "openssl": "1.0.1f-1ubuntu2.27+esm2", "libssl-doc": "1.0.1f-1ubuntu2.27+esm2", "libssl1.0.0-udeb": "1.0.1f-1ubuntu2.27+esm2", "libssl1.0.0": "1.0.1f-1ubuntu2.27+esm2", "libcrypto1.0.0-udeb": "1.0.1f-1ubuntu2.27+esm2" } ] }